Anti-Money Laundering, Counter-Terrorist Financing Policy, and Know Your Customer Policy (AML, CTF, and KYC Policy)

Policy Statement

This Anti-Money Laundering, Counter-Terrorist Financing Policy, and Know Your Customer Policy (further referred to as AML, CTF, and KYC Policy) of Zafiro International Ltd [the operator of NC Wallet digital asset wallet and further also referred to as “NC Wallet”] (“Zafiro”, “the Company”, “we”, “us”, or “our”) is the policy created to comply with anti-money laundering and counter-terrorist financing rules, laws, and regulations.

Purpose of the Policy

This policy was created in order to prevent and mitigate potential risks of the Company being involved in any kind of illegal activity and to implement effective internal mechanisms to fight money laundering and terrorist financing.

Definitions

Money Laundering (ML). The illegal process of making or attempting to make money obtained as the result of illegal activity, or as the result of participating in such illegal activity (such as drug and human trafficking, terrorist funding, weapons proliferation, corruption, bribery, and other) appear as if obtained from a legal source.

Terrorist Financing (TF). The process of providing financing to support an act of terrorism, or terrorist organisations. Any kind of financial or other support provided to any form of terrorism.

Beneficial Owner (BO). An individual who makes a transaction, act, action, operation or step or otherwise exercises control over a transaction, act, action, operation or step and in whose interests or favour or on whose account a transaction or action, operation or step is made. In the case of companies, a beneficial owner is an individual who ultimately owns or controls a legal person through direct or indirect ownership of a sufficient percentage of the shares or voting rights or ownership interest in that person, including through bearer shareholdings, or through control via other means.

Politically Exposed Person (PEP). A person entrusted with prominent public functions such as a head of state, head of government and similar functions. As well as a family member or a person equivalent to a family member of a politically exposed person such as a spouse, child, their spouse, parent, etc. As well as a person known to be a close associate of the politically exposed person, such as a (joint) beneficial owner of a legal person or a legal arrangement, or any other close business relations, with a politically exposed person.

AML, CTF, and KYC Policy covers the following matters:

  • Internal Procedures;
  • Training;
  • Compliance officer;
  • Verification procedures;
  • Risk Assessment;
  • Verification process;
  • Monitoring of transactions;
  • AML Program Audit.

Internal Procedures

We have implemented a system of internal procedures in order to comply with applicable AML and CTF regulations, including, but not limited to:

  • Procedures to verify the user’s identity, and store the necessary information for personal and financial operations identification;
  • Introduction of a person responsible for the coordination of compliance with this Policy – the Compliance Officer;
  • Procedures for monitoring, assessment, verification, and detection of suspicious activity;
  • Training and education of employees concerning their responsibilities under this Policy, including reporting of suspicious activity;
  • Independent audit of the AML program.

Training

All the appropriate personnel of the Company shall pass a full AMT and CTF training on a regular basis in order to stay informed about methods of money laundering and terrorist financing risks along with being instructed on how to act if suspicious activity is detected, new trends of suspicious activity. The training program is revised and updated regularly to reflect current laws and regulations.

Compliance Officer

The Compliance Officer is an employee of the Company put in charge of implementation and enforcement of the AML, CTF, and KYC Policy. The Compliance Officer is responsible for the supervision of all aspects of this Policy, such as establishing internal policies, compliance of internal policies with the applicable law and regulations, training of employees, review, and response to any inquiries concerning this Policy, management of any stored information related to the enforcement of this Policy. The Compliance Officer is entitled to cooperate with law enforcement to prevent any illegal activity connected to money laundering or terrorist financing.

Verification Procedures

The Company follows international standards for the prevention of illegal activity, including the customer Due Diligence standard (CDD). According to CDD the Company adopts due diligence measures for identification and verification of its customers within the anti-money laundering and Know Your Customer frameworks.

The due diligence measures may require a customer to provide identification documents (such as national ID, international passport, bank statement, driver’s licence, etc.) to allow the Company to identify or investigate the customer.

The company has a right to verify the customer’s identity information, especially if it has been changed or the customer’s activity raises suspicion (different from the customer’s usual activity).

If the customer’s information or activity was considered suspicious at any moment, if the information provided by the customer was found to be false, or if the customer refused to provide the requested information, the Company has a right to refuse to establish a business relationship with the customer and terminate his account.

In addition, the company reserves the right to request up-to-date and/or additional information even after the user has passed verification in the past. The company will not provide service to customers from international sanctions and watch lists. The Company will not have any business relationships with customers that have been determined to be risky or suspicious.

The customers’ information will be collected, stored, shared, and secured strictly in accordance with the Company’s Privacy Policy and related regulations.

Risk Assessment

The company uses a risk-based approach to defining the customers (an individual or a legal entity) that represent the highest ML and TF risks. The risk assessment will be used to prioritise potential threats of ML and TF – the largest threats receive the highest attention. This will allow for the most efficient distribution of resources.

After the risk assessment is finished, one of the risk level categories will be assigned to a customer:

Normal Risk

The risk level is normal, there are no prominent risk characteristics present.

High Risk

  • The customer is from a high-risk country;
  • The customer is a PEP or a person associated with a PEP;
  • There is a divergence in documents provided by the customer;
  • The customer provided counterfeited or otherwise not valid documents or contact details;
  • The customer had a record of financial offence, is a terrorist, or a wanted person;
  • Area of activity of the customer is associated with enhanced money-laundering risk;
  • The customer is a resident, a citizen, or having a nationality of a country with prohibition or restriction on cryptocurrencies, low or tax-free countries or other high-risk countries;
  • The activities and liability of the customer are insufficiently regulated by law, and their financing legality is not easy to verify;
  • The representative or the BO of the customer is a PEP or their family member;
  • The customer is suspected to be or to have been involved in a financial offence or other suspicious activity;
  • The customer is a non-resident individual, whose place of residence or activities is in a country, that is listed in the list of countries representing high risk;
  • The representative or the BO of the customer is a PEP or their family member;
  • There is information that the customer is suspected to be or was involved in a financial offence or other suspicious activity;
  • The customer is associated with a high risk of Money Laundering, or registered in a low-tax-rate country.

Risk by transactions

The Company may inspect any outstanding transaction, which includes but is not limited to large transactions that do not correspond to the user’s source of funds and/or source of wealth, transactions to offshore or shell banks(financial institution that does not have a physical presence in any country), executing payment via non-licensed payment institution, large daily movements of assets, etc.

Verification Process

An integral part of risk assessment is the verification process. The verification process is used to identify the customer as the Beneficial Owner (BO). Verification of the Beneficial Owner is a mandatory process and the Company reserves a right to conduct verification of any customer’s BO at any time. In the process of verification, the Company may request additional information regulated by this policy. The type of requested and collected information as well as its volume will depend on the risk level of a customer. The list of information requested from the customer may include, but is not limited to the list of information provided below.

Minimum verification information that may be requested from an individual:

  • First name, Last name;
  • Date of birth, place of birth;
  • Home address;
  • Phone number and email;
  • Government issued ID document (both sides);
  • Selfie with ID document;
  • Proof of residence (utility bill or similar);
  • Bank account details;
  • Customer occupation, magnitude and origins of salary and annual incomes;
  • Being a PEP or not;
  • Other information and documents on request of the Company.

Minimum verification information that may be requested from a legal entity:

  • Business name of the legal person;
  • Registry code or registration number and the date of registration;
  • ID of the shareholders (same as for the individual identification),
  • ID of the director(s) and/or members of the management board (same as for the individual identification),
  • ID of the representatives (same as for the individual identification);
  • Proof of the registered office/seat;
  • ID of the beneficial owners (same as for the individual identification);
  • Bank statement;
  • Proof of representation;
  • Articles of association;
  • Other information and documents on request of the Company.

Any personal information requested and collected from individuals or legal entities will be kept and protected in accordance with the relevant laws and the Company’s Privacy Policy.

Monitoring of Transactions

The Company will perform regular monitoring of transactions executed by customers to detect suspicious activity. The Company reserves a right to perform the following actions in order to detect suspicious activity:

  • Assess, capture data;
  • Filter, keep records of, investigate, suspend, or deny transactions that are found suspicious or representing the ML and/or TF risk;
  • Use both multi-level analysis by specially trained employees, and designated tools and external services for that purpose;
  • Review reports from other users, law enforcement, or other bodies through the Compliance Officer;
  • Request customers to provide additional information and/or documents in case of suspicion of illegal activity.

This list of ML and TF prevention measures is not exhaustive and may be extended if the Compliance Officer receives a solid reason to believe that the transaction may contain risk from any available or potential source.

If the transaction is found to be suspicious, the Compliance Officer will file a Suspicious Activity Report (SAR). The fact that a transaction was found suspicious or representing a risk is strictly confidential, no other person, except for the ones involved in the investigation (the Compliance officer, the customer, the legislative body, or any other Company employees directly dealing with the case) shall be informed about the SAR.

The Company will keep every SAR with all the details included in it for as long as necessary according to the Company’s Internal AML Policy.

AML Program Audit and Policy Review

The Company and the Compliance Officer are responsible for conducting an audit of the AML program on a regular basis. This Policy may be subject to change if necessary in order to comply with the new AML and CTF regulations, changes in business, and internal orders.